Risk Management Course

5-day course




The Practitioner Certificate in Information Risk Management (PCIRM) provides security practitioners with a comprehensive and highly practical course enabling them to develop a business-focused information security and governance risk strategy. It closely follows the approaches recommended in the ISO 17799, ISO 27001 and BS 7799-3 standards. The five-day course prepares delegates to confidently sit the BCS/ISEB Practitioner Certificate in Information Risk Management examination.

Target Audience:

  • Information security and governance practitioners
  • Internal IT auditors
  • Staff from within compliance and operational risk functions
  • IT managers and senior staff
  • Project managers and others responsible for designing security into information systems


Candidates should ideally have one to two years’ experience in information security and be looking to get increasingly involved in the risk management process within their organisation. An awareness of information security standards such as ISO 17799 and ISO 27001 would be beneficial, as would attendance on the Certificate in Information Security Management Principles course.


On completion of this course delegates will be able to:

  • develop an information risk management strategy
  • conduct threat vulnerability and likelihood assessments, business impact analyses and risk assessments
  • explain how the management of information risk will bring about significant business benefits
  • explain and make full use of information risk management terminology
  • explain the principles of controls and risk treatment
  • present results of the risk assessment in a format which will form the basis of a risk treatment plan
  • explain and produce information classification schemes
  • confidently sit the ISEB examination



1 Concepts and importance of information risk management

1.1 The need for information risk management

1.2 The context of risk in the business

1.3 Review of information security fundamentals


2 The information risk management environment

2.1 Developing an information risk management strategy

2.2 Information risk management, risk assessment and risk treatment

2.3 Assets

2.4 Information risk management terminology


3 Stages of information risk management

3.1 Setting the scope

3.2 Business Impact Analysis

3.3 Threat and vulnerability assessment

3.4 Risk determination

3.5 Information risk management controls


4 Action and implementation

4.1 Information risk management methodologies

4.2 Risk reporting and presentation

4.3 Decision making

4.4 Risk treatment

4.5 Risk monitoring


5 Information classification schemes

5.1 Classification process

5.2 Classification issues

5.3 Typical classification schemes
